From 625fadb68dfb75cf4c6cc170db13029b0518485c Mon Sep 17 00:00:00 2001 From: Roland Bewick Date: Fri, 15 May 2026 15:27:55 +0700 Subject: [PATCH 1/2] chore: update publish workflow to support npm OIDC --- .github/workflows/publish.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 58eeb97f..bada0b37 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,16 +7,20 @@ on: release: types: [published] +permissions: + id-token: write # Required for OIDC + contents: read + jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 24 - run: yarn install --frozen-lockfile - - run: yarn test + #- run: yarn test publish-npm: needs: build @@ -25,9 +29,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: - node-version: 20 + node-version: 24 registry-url: https://registry.npmjs.org/ - run: yarn install --frozen-lockfile - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} + - run: npm publish --provenance --access public From bbc23eefb46ac3228ed8f5b8c13e647e921b8116 Mon Sep 17 00:00:00 2001 From: Roland Bewick Date: Fri, 15 May 2026 15:33:22 +0700 Subject: [PATCH 2/2] fix: re-enable test and use correct setup-node --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bada0b37..bf48cb2d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -20,14 +20,14 @@ jobs: with: node-version: 24 - run: yarn install --frozen-lockfile - #- run: yarn test + - run: yarn test publish-npm: needs: build runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 24 registry-url: https://registry.npmjs.org/